Commit graph

24 commits

Author SHA1 Message Date
James Bottomley
d6e4bff8f1 Add support for openssl-3
We're currently using a raft of APIs which trigger deprecation
warnings, so add OPENSSL_API_COMPAT to the command line for openssl-3
to cause them not to break the build.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2022-06-13 18:12:08 -04:00
Andreas Schwab
25af2eb5e3 sbsigntool: add support for RISC-V 64-bit PE/COFF images
Signed-off-by: Andreas Schwab <schwab@suse.de>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2022-03-04 16:43:24 -05:00
James Bottomley
d52f7bbb73 Version 0.9.4
AKASHI Takahiro (1):
      sbsign: allow for adding intermediate certificates

James Bottomley (8):
      sbverify: fix verification with intermediate certificates
      Tests: Add intermediate certificate tests to the sign-verify cases
      Fix some openssl 1.1.0 deprecated functions
      sbvarsign: remove unused global variable
      sbverify: refer to unused function
      Fix errors on 32 bit
      Enable -Werror for builds
      docs: add man page for sbkeysync

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-06-11 16:32:13 -07:00
James Bottomley
fe88da5f66 Version 0.9.3
James Bottomley (1):
      README: update git location and add mailing list information

Laszlo Ersek (1):
      sbvarsign: fix "EFI_VARIABLE_AUTHENTICATION_2.TimeStamp.Year" assignment

Steve McIntyre (1):
      Fix PE/COFF checksum calculation

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2020-01-09 09:33:38 -08:00
James Bottomley
216dbd3331 Version 0.9.2
Fix fedora build
Fix variable signing for current tianocore
Fix image processing not to invalidate existing signatures

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2019-01-09 16:09:37 -08:00
Guy Lunardi
704d2c2506 Fix Fedora Build
Of course, Fedora puts gnu-efi in yet another different, non-standard place

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2018-02-20 15:36:19 -05:00
James Bottomley
a631793f2d Version 0.9.1
Add support for engine based keys

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2017-10-28 14:23:16 +01:00
James Bottomley
62c9352519 Version 0.9
This version builds correctly on openssl 1.1 and also includes
functional autotests for every architecture.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2017-10-19 11:18:29 -07:00
James Bottomley
f065bb5705 tests: Fix up to work on arbitrary architectures
The current test infrastructure is tied to x86/amd64.  This means the
tests always fail on a non-x86 architecture (like aarch64).  Fix this
by generating the efi binary directly from C code and removing the
architectural restrictions in the Makefile.am.  One of the
consequences of this is that we no longer test ia32 on x86_64, but the
difficulty of detecting which architectures can support 32 bit
variants and generating them correctly from EFI c code is too great.

We also need to exclude tests involving objdump from aarch64 since its
bfd still doesn't have an efi_app_aarch64 target.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2017-10-19 10:45:58 -07:00
James Bottomley
df8303a4e3 Version: 0.8
This version works correctly on arm 32 and 64.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2016-02-14 12:04:45 -08:00
James Bottomley
3b4e9bb901 configure: build on arm
arm has a variety of uname -m forms, all beginning with arm, so use
this to determine the EFI architecture

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2016-02-12 15:46:44 -08:00
James Bottomley
706bec1a95 OBS add correcting definition of EFI_ARCH
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
2015-01-06 12:45:03 -08:00
James Bottomley
ed53774c2f Version 0.7
Change responsible person to James Bottomley

Signed-off-by: James Bottomley <JBottomley@Parallels.com>
2014-12-19 16:44:54 -08:00
Jeremy Kerr
a7577f56b3 Version 0.6
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-10-11 20:32:32 +08:00
Jeremy Kerr
cd51a26911 Version 0.5
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-10-10 09:00:55 +08:00
Jeremy Kerr
6bfa9f3349 Version 0.4
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-10-02 17:12:02 +08:00
Jeremy Kerr
c7ee585439 Move sources to src/ subdirectory
We have a number of source files now, so move them from the top level to
src/

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-13 15:10:21 +08:00
Jeremy Kerr
953b00481f sbvarsign: First cut of a variable-signing tool
Add sbvarsign, to sign variables to be passed to the efivars filesystem.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-02 16:46:51 +08:00
Jeremy Kerr
b0ef29caaf Version 0.3
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-28 15:16:46 +08:00
Ivan Hu
14cff46671 configure: Add check for bfh.h
We need bfd.h for the image object, so add a check for it in
configure.ac.

Signed-off-by: Ivan Hu <ivanh.hu@canonical.com>
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-20 11:59:32 +08:00
Jeremy Kerr
2added6a45 Version 0.2
We have a new tool (sbattach) now, so bump to version 0.2.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-13 14:30:29 +08:00
Jeremy Kerr
b05afccde0 tests: Add a few simple tests
Add a few tests for the sign, verify, attach and detach code. These
require some additional infrastructure to create a sample PE/COFF
executable, plus a key & cert for testing.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-13 14:23:26 +08:00
Jeremy Kerr
9786761e4f docs: Fix manpage creation
$(builddir) should be $(top_builddir), and we need a valid definition of
MKDIR_P to create the docs.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-11 14:37:33 +08:00
Jeremy Kerr
3def238360 autoconfiscate
Add autoconf & automake metadata, plus required files for automake to
run without complaint.

Requires an update to ccan, to get the --build-type argument to
create-ccan-tree.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-28 22:35:48 +08:00